From bb224602e105859e93a52f8c9f464eb9cbe79b0a Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Mon, 26 Jun 2023 13:06:51 -0400

Subject: [PATCH] Fix memory leak in the OTP last token plugin

Three memory leaks are addressed:

1. String values retrieved from the pblock need to be manually

freed.

2. The list of objectclasses retreived from the pblock need to be

freed.

3. Internal search results need to be freed.

Fixes: https://pagure.io/freeipa/issue/9403

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

---

 .../ipa-otp-lasttoken/ipa_otp_lasttoken.c     | 38 +++++++++++++------

 daemons/ipa-slapi-plugins/libotp/otp_token.c  |  1 +

 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c

index b7a2ba7f012fdbf90284ee6605788e196aa4793b..11106b239f9de9074125979cfae7c02e434936e1 100644

--- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c

+++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c

@@ -54,7 +54,7 @@ void *ipa_otp_lasttoken_plugin_id;

 static bool entry_is_token(Slapi_Entry *entry)

 {

-    char **ocls;

+    char **ocls = NULL;

     ocls = slapi_entry_attr_get_charray(entry, SLAPI_ATTR_OBJECTCLASS);

     for (size_t i = 0; ocls != NULL && ocls[i] != NULL; i++) {

@@ -64,6 +64,7 @@ static bool entry_is_token(Slapi_Entry *entry)

         }

     }

+    slapi_ch_array_free(ocls);

     return false;

 }

@@ -138,7 +139,8 @@ static bool is_pwd_enabled(const char *user_dn)

 static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)

 {

     Slapi_DN *target_sdn = NULL;

-    const char *bind_dn;

+    char *bind_dn;

+    bool rv = false;

     /* Ignore internal operations. */

     if (slapi_op_internal(pb))

@@ -147,23 +149,35 @@ static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)

     /* Load parameters. */

     (void) slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);

     (void) slapi_pblock_get(pb, SLAPI_CONN_DN, &bind_dn);

-    if (target_sdn == NULL || bind_dn == NULL) {

-        LOG_FATAL("Missing parameters!\n");

-        return false;

+    if (bind_dn == NULL) {

+        LOG_FATAL("bind_dn parameter missing!\n");

+        goto done;

+    }

+    if (target_sdn == NULL) {

+        LOG_FATAL("target_sdn parameter missing!\n");

+        goto done;

     }

     if (entry != NULL

             ? !entry_is_token(entry)

-            : !sdn_in_otp_container(target_sdn))

-        return true;

+            : !sdn_in_otp_container(target_sdn)) {

+        rv = true;

+        goto done;

+    }

-    if (!sdn_is_only_enabled_token(target_sdn, bind_dn))

-        return true;

+    if (!sdn_is_only_enabled_token(target_sdn, bind_dn)) {

+        rv = true;

+        goto done;

+    }

-    if (is_pwd_enabled(bind_dn))

-        return true;

+    if (is_pwd_enabled(bind_dn)) {

+        rv = true;

+        goto done;

+    }

-    return false;

+done:

+    slapi_ch_free_string(&bind_dn);

+    return rv;

 }

 static inline int send_error(Slapi_PBlock *pb, int rc, const char *errstr)

diff --git a/daemons/ipa-slapi-plugins/libotp/otp_token.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c

index a3cbfb0621c071f8addb29f7ce02f870a807c61d..4be4ede07cbbd0d26bcc9952ef4d84d777076ae7 100644

--- a/daemons/ipa-slapi-plugins/libotp/otp_token.c

+++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c

@@ -398,6 +398,7 @@ static struct otp_token **find(const struct otp_config *cfg, const char *user_dn

     }

 error:

+    slapi_free_search_results_internal(pb);

     slapi_pblock_destroy(pb);

     return tokens;

 }

-- 

2.41.0